Administer access control

We can use the administration API to create, modify, examine, list, and delete Security Verify Access access control lists (ACLs). Use the administration API to attach ACLs to ISAM protected objects, and to detach ACLs from protected objects. Each ACL might contain entries for specific users and groups. We can use the administration API to set ACL entries for users and groups that exist in the ISAM secure domain. We can also use the administration API to set ACL entries for the default user categories any-other and unauthenticated.

ACL entries consist of one or more permissions. These permissions specify actions the owner of the entry is allowed to perform. ISAM provides a number of default permissions. We can use the administration API to define additional extended actions.

We can also use the administration API to group the extended actions into action groups. Understand the construction and use of ACLs before using the administration API ACL functions. The proper use of ACLs is key to successfully implementing a security policy. See the chapter about using access control lists in the IBM Security Verify Access for Web: Administration Guide.

• Administer access control lists
  
• Administer access control list entries
  
• Administer access control list extended attributes
  
• Administer action groups
  
• Administer extended actions
  

Parent topic: Administration Java Developer Reference